jenkins-plugin-blueocean: XSS vulnerability via user description in Blue Ocean (SECURITY-1204)

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java,...

CVE-2019-1003013

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java,...

PT-2019-11311 · Jenkins · Jenkins Blue Ocean Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Blue Ocean Plugins versions 1.10.1 and earlier Description: A cross-site scripting issue exists that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as th...